Vulnerabilities > Blackcat CMS > Blackcat CMS > 1.3.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-09 | CVE-2020-25877 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. | 3.5 |
2021-07-09 | CVE-2020-25878 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules. | 3.5 |
2021-02-16 | CVE-2021-27237 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.6 The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | 3.5 |
2020-09-15 | CVE-2020-25453 | Cross-Site Request Forgery (CSRF) vulnerability in Blackcat-Cms Blackcat CMS An issue was discovered in BlackCat CMS before 1.4. | 6.8 |